Threat Briefing: June 7, 2024

Detecting and responding to threats can be a challenge for organizations, either due to a complex and diverse network infrastructure, lack of personnel, or lack of equipment and services. This makes it difficult for organizations to prevent or respond to cyber attacks.

A new program sponsored by a U.S. government agency will provide money to public schools to help address their cybersecurity needs, especially as schools continue to be a target for cyber actors and ransomware attacks. Organizations also need to be aware of how the ransomware threat changes. Some groups are focused solely on encrypting data, while others simply exfiltrate data and threaten to leak it and others engage in “double extortion,” both encrypting and exfiltrating data.

Cyber actors constantly seek opportunities to make money and obtain data, targeting any organization they can. Therefore, it’s crucial to take measures to protect your data.

• New Ransomware Variant “Fog” Targeting Education Sector – The Fog ransomware focuses on encryption of data stored in virtualized environments but does not exfiltrate data. The threat actors behind Fog have utilized stolen virtual private network credentials for initial access and also abused open-source tools such as Metasploit and PsExec. Fog’s victims have only been identified in the U.S. at this point, with the victims mostly coming from the education sector and some victims in the recreation sector. Dark Reading

• RansomHub Takes Credit for April Cyber Attack Against Telecommunications Company Frontier – RansomHub claimed to have acquired data for over 2 million people from the attack, including names, addresses, and credit scores. In mid-April, Frontier detected unauthorized access to its systems and had to shut down parts of its system as part of “containment measures.” Frontier disclosed the cyber incident to the Securities and Exchange Commission in April of this year. The Record

• Federal Communications Commission (FCC) Announces Pilot Program to Support Cybersecurity for Schools and Libraries with $200 Million in Funding – The program will collect data from K-12 schools and libraries and help the FCC to understand cyber threats against schools and libraries. The funding provided by the FCC will be used to support equipment and cybersecurity services for schools and libraries. Federal Communications Commission

• Five Foreign Influence Campaigns Using Artificial Intelligence (AI) Disrupted by OpenAI – OpenAI disrupted five foreign influence campaigns using AI conducted by Israel, Iran, China, and Russia. These countries primarily used AI to generate text for social media posts and comments, while Russia and China also utilized AI for debugging code. In response, OpenAI is enhancing security measures for its platforms and collaborating with other companies. Dark Reading

• V3B Phishing Kit Used to Target European Banking Clients, Targeting Over 50 Financial Institutions –  The V3B phishing kit has been operational since March 2023 and can be rented by cyber threat actors. The kit has multiple modules that cyber threat actors can access, allowing them to bypass MFA in real-time. The V3B kit can also be utilized to capture credit card data of victims. BankInfoSecurity